From f94c0b6b717b6b205321bfa369cdeff10a271ece Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Fri, 21 May 2021 18:58:22 +0200 Subject: [PATCH] Add razorfy and bind config --- README.md | 2 +- etc/bind/named.conf.options | 26 +++++++ etc/razorfy.conf | 14 ++++ razorfy.pl | 131 ++++++++++++++++++++++++++++++++++++ 4 files changed, 172 insertions(+), 1 deletion(-) create mode 100644 etc/bind/named.conf.options create mode 100644 etc/razorfy.conf create mode 100755 razorfy.pl diff --git a/README.md b/README.md index 5a3d3b3..746d7e1 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ deb tor://vwakviie2ienjx6t.onion/debian `lsb_release -cs` main Copy (and modify according to your needs) the site files in `var/www` to `/var/www` and the configuration files in `etc` to `/etc` after installation has finished. Then restart some services: ``` -systemctl daemon-reload && service tor restart && service dnsmasq restart +systemctl daemon-reload && systemctl restart bind9.service && systemctl restart dnsmasq.service && systemctl restart tor@default.service ``` Now there should be an onion domain in `/var/lib/tor/hidden_service/hostname`: diff --git a/etc/bind/named.conf.options b/etc/bind/named.conf.options new file mode 100644 index 0000000..40a8c78 --- /dev/null +++ b/etc/bind/named.conf.options 
@@ -0,0 +1,26 @@
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ listen-on-v6 port 55 { ::1; };
+ listen-on port 55 { 127.0.0.1; };
+ recursion yes;
+};
diff --git a/etc/razorfy.conf b/etc/razorfy.conf
new file mode 100644
index 0000000..8b46a07
--- /dev/null
+++ b/etc/razorfy.conf
@@ -0,0 +1,14 @@
+# Razorfy Configuration file
+
+# set to 1 to enable debug logging (Default 0)
+RAZORFY_DEBUG = 0
+
+# max number of threads to use (Default 200)
+RAZORFY_MAXTHREADS = 200
+
+# bind razorfy default to local ip address (127.0.0.1)
+# use :: for all (dual stack), 0.0.0.0 (all ipv4), ::1 localhost v6only, 127.0.0.1 localhost ipv4
+RAZORFY_BINDADDRESS = 127.0.0.1
+
+# tcp port to use
+RAZORFY_BINDPORT = 11342
diff --git a/razorfy.pl b/razorfy.pl
new file mode 100755
index 0000000..6e8b1e6
--- /dev/null
+++ b/razorfy.pl
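Review bot: `recursion yes;` is enabled without any `allow-recursion` or `allow-query` ACL, so the only thing keeping this resolver from answering recursive queries for arbitrary clients is the loopback-only `listen-on`/`listen-on-v6` on the two lines above it; adding `allow-recursion { localhost; };` and `allow-query { localhost; };` keeps that guarantee intact if the listen addresses are later widened. The choice of port 55 is undocumented — presumably dnsmasq (restarted next to bind9 in the README change) owns 53 and forwards here, but that is an inference from this commit alone. A one-line comment such as `// non-standard port: 53 is held by dnsmasq, which forwards to this resolver — confirm` would spare the next reader the guess.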
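Review bot: The keys in this file mirror the `%ENV` variables razorfy.pl reads (`RAZORFY_DEBUG`, `RAZORFY_MAXTHREADS`, `RAZORFY_BINDADDRESS`, `RAZORFY_BINDPORT`), but nothing in this commit shows how the file reaches the process environment — no unit file, wrapper or sourcing step is added, and the script itself never parses it. If it is intended as a systemd `EnvironmentFile=` or a shell-sourced file, the `KEY = VALUE` spacing should be verified against that loader's syntax. A header comment naming the consumer, e.g. `# Read into the environment of razorfy.pl by <TODO: unit or wrapper>; keys map 1:1 to the RAZORFY_* variables`, would make the contract explicit.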
@@ -0,0 +1,131 @@
+#!/usr/bin/perl
+
+# Copyright (c) 2020, Mirko Ludeke
+# Copyright (c) 2020, Carsten Rosenberg
+# Copyright (c) 2020, Andreas Boesen
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+use strict;
+use warnings;
+use IO::Socket::IP;
+use IO::Select;
+use threads;
+use Data::Dumper;
+use POSIX qw(setlocale strftime);
+use Razor2::Client::Agent;
+
+# set to 1 to enable debug logging
+my $debug = defined($ENV{'RAZORFY_DEBUG'}) ? $ENV{'RAZORFY_DEBUG'} : 0;
+# max number of threa to use
+my $maxthreads = defined($ENV{'RAZORFY_MAXTHREADS'}) ? $ENV{'RAZORFY_MAXTHREADS'} : 200;
+# bind razorfy to default to local ip address
+# use :: for all (dual stack), 0.0.0.0 (all ipv4), ::1 localhost v6only, 127.0.0.1 localhost ipv4
+my $bindaddress = defined($ENV{'RAZORFY_BINDADDRESS'}) ? $ENV{'RAZORFY_BINDADDRESS'} : '127.0.0.1';
+# tcp port to use
+my $bindport = defined($ENV{'RAZORFY_BINDPORT'}) ? $ENV{'RAZORFY_BINDPORT'} : '11342';
+
+my $agent = new Razor2::Client::Agent('razor-check') or die ;
+ $agent->read_options() or die $agent->errstr ."\n";
+ $agent->do_conf() or die $agent->errstr ."\n";
+
+my %logret = ( 0 => 'spam', 1 => 'ham');
+
+sub Main
+{
+ # flush after every write
+ $| = 1;
+
+ my ( $socket, $client_socket );
+
+ # Bind to listening address and port
+ $socket = new IO::Socket::IP (
+ LocalHost => $bindaddress,
+ LocalPort => $bindport,
+ Proto => 'tcp',
+ Listen => 10,
+ ReuseAddr => 1
+ ) or die "Could not open socket: ".$!."\n";
+
+ ErrorLog( "RAZORFY started, PID: $$ Waiting for client connections...");
+
+ my @clients = ();
+
+ # start infinity loop
+ while(1)
+ {
+
+ # Limit threads
+ my @threads = threads->list(threads::running);
+
+ if( $#threads < $maxthreads ) {
+
+ # Waiting for new client connection.
+ $client_socket = $socket->accept();
+
+ # Push new client connection to it's own thread
+ push ( @clients, threads->create( \&clientHandler, $client_socket ) );
+
+ ErrorLog( "active threads: $#threads") if $debug ;
+ ErrorLog( "client array length: " . scalar @clients) if $debug ;
+
+ my $counter = 0;
+ foreach ( @clients )
+ {
+ if( $_->is_joinable() ) {
+ $_->join();
+ }
+ if( not $_->is_running() ) {
+ splice(@clients,$counter,1);
+ }
+ $counter++;
+ }
+ }
+ }
+ $socket->close();
+ return 1;
+}
+
+sub clientHandler
+{
+ # Socket is passed to thread as first (and only) argument.
+ my ($client_socket) = @_;
+
+ # Create hash for user connection/session information and set initial connection information.
+ my %user = ();
+ $user{peer_address} = $client_socket->peerhost();
+ $user{peer_port} = $client_socket->peerport();
+
+ ErrorLog( "Accepted New Client Connection From:".$user{peer_address}.":".$user{peer_port}) if $debug;
+
+ my %hashr;
+ $hashr{'fh'} = $client_socket;
+
+ my $ret = $agent->checkit(\%hashr);
+ print $client_socket ( $ret == 0) ? "spam" : "ham";
+
+ ErrorLog( "return value: ". $logret{$ret} ) if $debug;
+
+ $client_socket->shutdown(2);
+ threads->exit();
+}
+
+sub ErrorLog {
+setlocale(&POSIX::LC_ALL, "en_US");
+ my $msg = shift;
+ my $datestring = strftime "%b %e %H:%M:%S", localtime;
+ print STDERR $msg."\n";
+}
+
+# Start the Main loop
+Main();
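Review bot: `$socket->accept()` in Main's loop can return undef (interrupted or failed accept) and the result is handed to `threads->create` unchecked, so the worker dies on `peerhost()`; the same loop spins without yielding whenever the running-thread count reaches `$maxthreads`, and an accepted client that sends nothing holds its worker indefinitely because no receive timeout is set before `checkit` reads the socket, which makes the thread limit easy to exhaust. The rewrite below guards the accept, sets `SO_RCVTIMEO` on the accepted socket (constants from the core `Socket` module, which would need adding to the `use` block; the `pack` layout is the Linux `struct timeval`) and yields at the limit. Separately, in clientHandler `$ret == 0` reports a false/undef return from `checkit` as `"spam"`; since the file already uses `$agent->errstr` after `read_options`, a failed check should be logged via errstr and not answered as a confident spam verdict — worth confirming against Razor2::Client::Agent's return contract. Minor: the `foreach`/`splice` bookkeeping modifies `@clients` while iterating it and can skip entries after a removal, `ErrorLog` builds `$datestring` but never prints it (`print STDERR "$datestring $msg\n";`), `use IO::Select`/`use Data::Dumper` are unused, and the two `new Class(...)` calls should be `Class->new(...)`.
```perl
        if( $#threads < $maxthreads ) {
            # accept() returns undef on EINTR or a failed accept; never hand undef to a worker
            $client_socket = $socket->accept() or next;
            # Bound how long one client may occupy a worker (30 s is a constructed example;
            # SOL_SOCKET/SO_RCVTIMEO come from the core Socket module)
            $client_socket->setsockopt(SOL_SOCKET, SO_RCVTIMEO, pack('l!l!', 30, 0))
                or ErrorLog("setsockopt SO_RCVTIMEO failed: $!");
            push ( @clients, threads->create( \&clientHandler, $client_socket ) );
            # … unchanged: debug logging and the join/splice bookkeeping …
        }
        else {
            # at the limit: yield briefly instead of spinning on threads->list()
            select(undef, undef, undef, 0.1);
        }
```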